Sensors such as, for example, honeypots, may traditionally be deployed external to a firewall (e.g., on a Demilitarized Zone (DMZ) network). However, more sophisticated attackers may have sufficient information to determine that network information (e.g., addresses and ports) associated with a DMZ network are not the intended targets. This may render honeypots or sensors ineffective for detecting attacks. Furthermore, some attacks may initiate from inside an internal network and may be directed towards a separate portion of an internal network. For example, a contractor or disgruntled employee with access to a corporate engineering LAN may attempt to access an accounting LAN of the corporation. Sensors located external to an internal network are ineffective to detect such attacks. Additionally, a sensor located on an internal network may have a limited or no ability to perform diagnostic actions during an attack because of a risk of exposing an internal network to malware or other threats.
In view of the foregoing, it may be understood that there may be significant problems and shortcomings associated with current sensor based attack management technologies.